In this product review conducted by SANS instructor Serge Borso, we learned that BreakingPoint is more than just a network testing tool. BreakingPoint provides a unique solution that enables security assessment, vendor selection and change management. It integrates well and is easy to use. We believe the tool has great value to the security community and specifically larger enterprises in the midst of infrastructure updates and those optimizing information security programs.

The number of computer-related security incidents continues to grow yearly, resulting in the need to ensure that network infrastructures are built to be forensically capable. During the period January 2011 to December 2015, the number of reported computer security incidents grew over this four-year period from 1,281 to 3,930. The number of exposed records increased in a similar way. During this same period, the number of exposed records jumped from 413 million to 736 million, with 2013 and 2014 having over 2 billion records exposed. Some challenges with becoming forensically capable relate to understanding the business needs, identifying the people to support those needs and, ultimately, the technology or tools to support them.

There are many decisions a company must make when choosing an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) for its infrastructure. Pricing questions will arise to determine whether it will fit into the company's budget.

An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.

Attack trees have been used as a mechanism to formalize security analysis of a system for over a decade (Amoroso, 1994; Schneier, 1999), and have gone through various adaptations including Defense Trees, Attack Response Trees and Attack Countermeasure Trees.

“Perceived Control” is a core construct used in the psychology field that can be considered an aspect of empowerment (Eklund, & Backstrom, 2006). Effectively, it is a measure of how much control people feel that they have, as opposed to the amount of “Actual Control” that they may have. It is often paired against constructs such as “Vicarious Control” and “Vicarious Perceived Control”, which measure the amount of control that outside entities have over the subject. Often, these are variables measured in the psychology/health field. For example, in the world of medicine, when patients report a lack of perceived control over controllable illnesses such as diabetes (Helgeson, & Franzen, 1997), breast cancer (Helgeson, 1992) and heart disease (Helgeson, 1992), they often do more poorly than patients who feel that they have a greater sense of control over their illness. There is also evidence that students with high perceived control do substantially better academically than those with low, though this seems to also link with emotions surrounding the tasks at hand (Ruthig, Perry, Hladkyj, Hall, & Pekrun, 2008). In short, people who are interested in and excited by what they are doing tend to perform better.

A well-structured NSM will give the security community a way to study, implement, and maintain network security that can be applied to any network. In study, it can be used as a tool to break down network security into seven simple layers with a logical process. Traditional books have always presented network security in an unorganized fashion, where some books cover issues that other books may completely neglect. In implementation, it can be used by network architects to ensure that they are not missing any important security details while designing a network. In maintaining existing networks, it can be used to develop maintenance schedules and life cycles for the security of the existing network. It can also be used to detect where breaches have occurred so that an attack can be mitigated.

Incident handling is a term which describes a formalized process of identifying and responding to security incidents in a structured manner (SANS, 2006). Threat analysis is a concept most often associated with security threat intelligence, an area which focuses on gaining knowledge of new and existing threats for the purpose of formulating defenses to mitigate them.

The purpose of this paper is to consider the direct influence and impact of government agencies on the cybersecurity decision cycle, especially regarding computer system and network critical infrastructure.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.